CWE-41
24 CVEs classified under CWE-41. Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-24470 | High | 8.1 | 2025-02-11 | An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a rem… |
| CVE-2026-5816 | High | 8.0 | 2026-04-22 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthentic… |
| CVE-2024-30073 | High | 7.8 | 2024-09-10 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2023-36396 | High | 7.8 | 2023-11-14 | Windows Compressed Folder Remote Code Execution Vulnerability |
| CVE-2026-23674 | High | 7.5 | 2026-03-10 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2022-0855 | High | 7.4 | 2022-03-04 | Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to 0.0.4. |
| CVE-2024-8765 | High | 7.3 | 2025-03-20 | In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path… |
| CVE-2024-30036 | Medium | 6.5 | 2024-05-14 | Windows Deployment Services Information Disclosure Vulnerability |
| CVE-2023-46169 | Medium | 6.5 | 2024-03-07 | IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM X-Force ID… |
| CVE-2024-45405 | Medium | 6.0 | 2024-09-06 | `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gi… |
| CVE-2026-34510 | Medium | 5.3 | 2026-04-01 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-… |
| CVE-2025-54107 | Medium | 4.3 | 2025-09-09 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2024-6839 | Medium | 4.3 | 2025-03-20 | corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific on… |
| CVE-2025-21247 | Medium | 4.3 | 2025-03-11 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-21332 | Medium | 4.3 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21189 | Medium | 4.3 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21328 | Medium | 4.3 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21329 | Medium | 4.3 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21219 | Medium | 4.3 | 2025-01-14 | MapUrlToZone Security Feature Bypass Vulnerability |
| CVE-2025-21269 | Medium | 4.3 | 2025-01-14 | Windows HTML Platforms Security Feature Bypass Vulnerability |